According to CertiK (1), December saw the fewest notable occurrences of cryptocurrencies stolen in 2022, with about 23 total.
The firms affected
December had $62.2 million worth of cryptocurrencies stolen, the "lowest monthly amount" of the year according to CertiK, suggesting that cryptocurrency hackers and exploiters may have slowed down for the 2022 holidays. On December 31, the blockchain security firm tweeted a list of the most important assaults that day. According to the report, the approach that took the most value over the month was the $15.5 million exit scam, followed by the $7.6 million flash loan-based exploits.
A subsequent tweet on January 1 showed that the 23 biggest exploits were accountable for about $15 million Helio Protocol event on December 2 was the biggest of the month, accounting for 98.5% of the $62.2 million total. The protocol that controls the stablecoin HAY (HAY) incurred a loss when a trader borrowed millions of dollars worth of HAY by taking advantage of a price differential in Ankr Reward Bearing Staked BNB (NBC).
The Vulnerabilities present
Decentralized finance (DeFi) protocol Ankr also experienced a different vulnerability at the time, which resulted in the attacker creating 20 trillion aBNBc and driving down the value of the protocol. The loan was considerably undercollateralized because of the Helio trader's hasty deposit of NBC tokens, which caused the protocol to lose money and caused its stablecoin to debug. The $12.9 million theft of Defrost Finance's v1 and v2 systems was the month's second-largest event. On December 23, an attacker used a flash loan attack to destroy v2 protocols by introducing a false collateral token and a malicious pricing oracle.
Although payments for the v2 attack have not yet been returned, the hacker returned the monies taken from the v1 protocol to an address owned by Defrost days after the exploit. Due to the need for an admin key to carry out the assault, CertiK classified the issue as an "exit scam. Defrost refuted the claims that the key had been hacked.
#CertiKStatsAlert 🚨
— CertiK Alert (@CertiKAlert) December 1, 2022
36 major attacks were recorded in November totalling a loss of ~$595 Million.
As always, make sure a project has an audit & KYC before investing!
Remember to always #DYOR and read the audit reports! pic.twitter.com/UhiDU2itAm
The December amount is significantly lower than the previous month, representing an 89.5% drop from the $595 million exploits spread over 36 big occurrences that CertiK detected in November 2022—distorted by the FTX cryptocurrency exchange's $477 million breach. Just the ten biggest exploits of the year in total for 2022 transferred $2.1 billion to malicious actors, mostly via cross-blockchain bridges and DeFi protocols.
